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Response to Office Action of September 9, 2005 

Amendments to the Claims : 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

Listing of Claims : 

1. (currently amended) A method facilitating deployment of volume-based netwoiic 
policies across a computer network, the method comprising the steps of: 

monitoring, over a given time interval, the aggregate volume of data transfer 
corresponding to each user of a plurality of users; 

detecting, for a first user in the plurality of users, a network utilization mUestone^ 
wherein the network utilization milestone occurs when , within the given time interval 
the aggregate volume of data transfer associated with the first user crosses a threshold; 
and 

affecting a characteristic associated with the network access provided to the first 
user identified in the detecting step, 

2. (previously amended) The method of claim 1 wherein the affecting step comprises 
the step of: 

affecting a performance characteristic of the netw-ork access provided to the first 
user identified in the detecting step. 

3. (previously amended) The method of claim 1 wherein the affecting step comprises 
the step of: 
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degrading the network access provided to the first user identified in the 
detecting step. 

4. (previously amended) The method of claim 1 wherein the affecting step comprises 
the step of: 

den)nng further network access to the first user identified in the detecting step. 

5. (previously amended) The method of daim 1 wherein the affecting step comprises 
the step of: 

charging the first user identified in the detecting step for further network access. 

6. (previously amended) The method of claim 1 further comprising the step of 

notifying the first user when the aggregate volume of data transfer associated 
vdth the first user approaches the threshold. 

7. (previously amended) The method of claim 1 wherein the detecting step comprises 

comparing the aggregate number of transferred bytes associated with the first 
user over a given time interval against a threshold level defining the network utilization 
milestone. 

8. (original) The method of claim 3 wherein network access is degraded only with 
respect to a predefined set of traffic types. 

9. (original) The method of claim 4 wherein network access is denied only with respect 
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ix> a predefined set of treiffic types. 

10. (original) The method of claim 1 wherein the monitoring step is performed only 
with respect to a predefined set of traffic types. 

11. (currently amended) A method facilitating deployment of volume-based network 
policies across a computer network, the method comprising the steps of 

monitoring, over a given time interval^ the aggregate volume of data transfer 
corresponding to each user of a plurality of users within a given time interval , wherein 
the agg re gate volume of data transfer characterizes the volume of data corresponding 
to past and current data flows over the given time interval: 

detecting, for a first user in the plurality of users, a network utilization milestone, 
wherein the network utilization milestone occurs whe n, within the given time intervaL 
the aggregate volume of data transfer associated with the first user crosses a threshold; 
and, 

affecting, for the remainder of the time interval, a characteristic associated with 
the network access provided to the first user identified in the detecting step. 

12. (previously amended) The method of claim 11 wherein the affecting step comprises 
the step of: 

affecting a performance characteristic of the network access provided to the first 
user identified in the detecting step. 

13- (previously amended) The method of claim 11 wherein the affecting step comprises 
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the step of: 

degrading the network access provided to the first user identified in ihe 
detecting step. 

14. (previously amended) The method of claim 11 wherein the affecting step comprises 
the step of: 

denying further network access to the first user identified in the detecting step. 

15. (previously amended) The method of claim 11 wherein the affecting step comprises 
the step of: 

charging the first user identified in the detecting step for further network access. 

16. (previously amended) The method of claim 11 further comprising the step of 

notifjnng the first user when the aggregate volume of data transfer associated 
with the first user approaches the threshold. 

17. (previously amended) The method of claim 11 wherein the detecting step 
comprises 

comparing the aggregate number of transferred bj'tes associated with the first 
tiser over a given time interval against a threshold level defining the netw^ork utilization 
milestone. 

18. (original) The method of claim 17 wherein the time interval is a fixed time interval. 
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19. (original) The niethod of claim 17 wherein the time interval is a sliding time 
interval. 

20. (original) The method of claim 13 wherein network access is degraded only with 
respect to a predefined set of traffic types. 

21. (original) The method of claim 14 wherein network access is denied only with 
respect to a predefined set of traffic types. 

22. (original) The method of claim 1 wherein the morutortng step is performed only 
with respect to a predefined set of traffic types. 

23. (currently amended) A method facilitating deployment of volume-based network 
policies across a computer network^ the method comprising the steps of 

registering a user at a network access device connected to a first computer 
network, the network access device including an IP address; 
associating the IP address with the user; 

providing the user access to a second computer netwwk by changing the 
configuration of a network device in a communication path between the first computer 
network and the second computer netw^ork; 

monitoring, over a given time interval, the aggregate volume of data transfer 
associated witti Hxe IP address; 

detecting a network utilization milestone based on the aggregate volume of data 
transfer within the given time interval associated with the IP address relative to a 
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threshold; 

changing the configuration of the network device to affect a characteristic 
associated with access to the second network provided to the user. 

24. (currently amended) An apparatus facilitating the deployment of volume-based 
network policies across a first computer network, the first computer network 
comprising at least one traffic monitoring device operative to monitor the volume of 
network traffic generated by individual users, and at least one network control device 
operative to control access to a second computer network^ comprising 

a user account database maintaiiung the respective aggregate volumes of data 
transfer corresponding to each user of a plurality of users; 

a data logging module operative to collect the aggregate volume of data transfer 
within a given time interval for the plurality of users collected data in the user account 
database; 

a network usage monitor operative to: 

scan the user account database to detect for a first user in the plurality of 
users, a network utilization milestone reached by the first user based on the aggregate 
volume of data transfer associated with the first user in relation bo a threshold and the 
[[a]] given time interval^ and 

modify the configuration of the network control device to affect a 
characteristic of access to the second computer network for the first user. 

25, (original) The apparatus of claim 24 further comprising a user interface module 
operative to register new users and create corresponding user accounts in the user 
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account database. 

26. (original) The apparatus of claim 25 wherein the apparatus, in response to 
registration of a new user, is operative to modify the configuration of the network 
control device to allow access to the second computer network for the new user. 

27. (previously amended) A system facilitating the deployment of volume-based 
network policies across a first computer network, comprising 

a bandwidth management device operably connected to a communication path 
between the first computer network and a second computer network^ 
wherein the bandwidth management device is operative to: 

monitor, for a first host in a plurcdity of hosts connected to the first 
network, the aggregate volume of network traffic generated by the first host over a 
given time interval, and 

enforce bandwidth utilization controls associated with individual hosts on 
data flows generated by the respective individual hosts; 
a user mianagement server operative to: 

detect for the first user, a network utilization milestone based on the 
aggregate volume of data transfer in relation to a utilization threshold and the given 
time interval; and, 

in response to a network utilization milestone, change the configuration of 
the bandwidth management device to associate bandwidth utilization controls 
corresponding to the milestone with the first host. 



Pages of 14 



PAGE 11/17 * RCVD AT 12/29/2005 3:02:09 PM [Eastern Standard Time] * 8VR:USPTO-EFXRP-6/30 * DNIS:2738300 « CSID:41S 480 1780 * DURATION <mm-ss):05-04 



Dec 29 05 01:02p Mark J. Spolyar 



415-480-1780 



p.12 



Appl. No.: 10/027,101 

Amdt. Dated December 29^ 2005 

Response to Office Action of September 9, 2005 

28. (original) The system of claim 27 wherein the bandwidth management device is 
operative to redirect data flows generated by urxkaown hosts on the first computer 
network to the user management server; and wherein user management server is 
operative to register unknown hosts and change the configuration of the bandwidth 
management device to associate the host with bandwidth utilization controls operative 
to permit access to the second netw-ork. 

29. (original) The system of claim 27 wherein the bandwidth utilization controls 
associated with the milestone are operative to deny access to the second computer 
network. 

30. (original) The system of claim 27 wherein the bandwidth utilization controls 
associated with the milestone are operative to degrade access to the second computer 
network. 

31. (original) The system of claim 27 wherein the bandwidth management device is 
further operative identify network traffic types associated with data flows traversing 
the device; and wherein the user management server is operative to configixre 
bandwidth utilization controls applicable to traffic types identified by the bandwidth 
management device. 

32. (original) The system of claim 27 wherein the bandwidth management device and 
the user management server reside on the same device. 
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